* phosphor-ipmi-flash in-band update question
@ 2019-07-10 8:59 George Hung (洪忠敬)
2019-07-15 16:57 ` Patrick Venture
0 siblings, 1 reply; 2+ messages in thread
From: George Hung (洪忠敬) @ 2019-07-10 8:59 UTC (permalink / raw)
To: Patrick Venture (venture@google.com)
Cc: OpenBMC Maillist (openbmc@lists.ozlabs.org)
[-- Attachment #1: Type: text/plain, Size: 545 bytes --]
Hi Patrick,
We’d like to do in-band firmware update by phosphor-ipmi-flash, but it must provide the signature file otherwise it exited directly.
How do we make the appropriate signature file for phosphor-ipmi-flash and also verify it successfully ?
Or is there a way to do FW update without a signature file?
Besides, since we use Nuvoton BMC to update by LPC bridge, it needs to configure the MAPPED_ADDRESS as the reserved memory region.
Does it have to add the similar configuration to device tree like Aspeed ?
Thanks.
[-- Attachment #2: Type: text/html, Size: 3622 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: phosphor-ipmi-flash in-band update question
2019-07-10 8:59 phosphor-ipmi-flash in-band update question George Hung (洪忠敬)
@ 2019-07-15 16:57 ` Patrick Venture
0 siblings, 0 replies; 2+ messages in thread
From: Patrick Venture @ 2019-07-15 16:57 UTC (permalink / raw)
To: George Hung (洪忠敬)
Cc: OpenBMC Maillist (openbmc@lists.ozlabs.org)
On Wed, Jul 10, 2019 at 2:00 AM George Hung (洪忠敬)
<George.Hung@quantatw.com> wrote:
>
> Hi Patrick,
>
>
>
> We’d like to do in-band firmware update by phosphor-ipmi-flash, but it must provide the signature file otherwise it exited directly.
You must provide a verification mechanism, this can just be a script
that writes "success" to the output file.
That can be in a script that's called by a service installed to the
verification target listed on the README.
IMAGE_FILE=/run/initramfs/bmc-image
VERIFIED_FILE=/run/initramfs/image-bmc
STATUS_FILE=/tmp/bmc.verify
mv ${IMAGE_FILE} ${VERIFIED_FILE}
echo "success" > ${STATUS_FILE}
>
>
>
> How do we make the appropriate signature file for phosphor-ipmi-flash and also verify it successfully ?
You can do whatever signature you wish, could just be md5sum. In
which case, on the host you can md5sum the image-bmc file, and then
write the md5sum to a file, that's sent down as the signature file.
Then the script above could compare the md5s before writing success.
Are you using static layout, or ubi?
If you're using static layout, it currently writes the bytes to
IMAGE_FILE above by default. So you'd need something like the above
script to move it into a usable update name.
Again, this is if you're using this type of update mechanism. If
you're using phosphor-bmc-code-mgmt, then there is something more to
be done, and it's not yet supported. Hopefully it will be in a couple
weeks.
>
>
>
> Or is there a way to do FW update without a signature file?
Yes, see above. Although I do recommend trying to check against
something to validate the bytes are what you expect.
>
>
>
> Besides, since we use Nuvoton BMC to update by LPC bridge, it needs to configure the MAPPED_ADDRESS as the reserved memory region.
>
>
>
> Does it have to add the similar configuration to device tree like Aspeed ?
Yes. The MAPPED_ADDRESS for the Aspeed is the memory-region you've
set aside in your device-tree for the BMC.
>
>
>
>
>
> Thanks.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-07-15 16:57 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-07-10 8:59 phosphor-ipmi-flash in-band update question George Hung (洪忠敬)
2019-07-15 16:57 ` Patrick Venture
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.